New Wi-Fi Security Vulnerability Demonstrates the Importance of Updating All Wi-Fi Enabled Devices

KRACK Wifi Hack Has IT Professionals & Businesses Open To Security Threats

Some of you could probably have predicted this one. Another widespread vulnerability affecting practically everyone and everything that uses Wi-Fi was revealed on October 16, allowing hackers to decrypt and potentially look at everything people are doing online. Here, we will examine more details of this revelation, and also cover why you need the proactive IT support of teams like Cooper Technologies to guide you through Wi-Fi security updates until patches can be rolled out.

Researcher Mathy Vanhoef, from Belgian university KU Leuven, released information on his hack, dubbing it KRACK, for Key Reinstallation Attack. Vanhoef’s description of the bug on his KRACK website is startling: “This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on.

“The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.”

What’s Fueling This Wi-Fi Security Vulnerability?

It affects a core encryption protocol, Wi-Fi Protected Access 2 (WPA2), relied on by most Wi-Fi users to keep their web use hidden and secret from others. More specifically, the KRACK attack allows a hacker to trick a victim into reinstalling an already-in-use key.

Every key should be unique and not reusable, but a flaw in WPA2 means a hacker can tweak and replay the “handshakes” carried out between Wi-Fi routers and devices connecting to them; during those handshakes, encryption keys made up of algorithmically-generated, one-time-use random numbers are created.

It turns out that in WPA2, it’s possible for an attacker to manipulate the handshakes so that the keys can be reused and messages silently intercepted.

The researchers, who said the attack was particularly severe for Android and Linux users, show how devastating an attack could be in this demonstration video.

The attacks on Google’s Android are made simpler by a coding error, where an attacker will know the key just by forcing a reinstallation. That’s because the operating system uses what’s known as an “all-zero encryption key” when the reinstallation is initiated, which is easier to intercept and use maliciously.

As for how widespread this Wi-Fi security issue is, it appears almost any device that uses Wi-Fi is affected. “The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected. To prevent the attack, users must update affected products [and devices] as soon as security updates become available. Note that if your device supports Wi-Fi, it is most likely affected. During our initial research, we discovered ourselves that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others are all affected by some variant of the attacks,” explained Vanhoef.

What Can You Do to Protect Yourself?

For that reason, users may want to be wary of using Wi-Fi at all until patches are widely rolled out. For now, it looks as if some manufacturers are pushing out Wi-Fi network security updates, which should go some way to preventing attacks.

The vulnerabilities have been given the identities of: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, and CVE-2017-13088, though there’s little detail available on each yet.

Note that devices such as laptops and smartphones will require updates as well as routers. Indeed, Vanhoef said it’s more urgent for general users to patch their personal devices, whether they are phones, PCs or any smart device – be they watches, TVs or even cars. He recommended users get in touch with the relevant vendors to find out when patches are coming.

Given the range of devices affected, it’s almost guaranteed Wi-Fi security patches won’t make it to everyone. The US Computer Emergency Response Team (CERT) has released an advisory, which notes a number of affected vendors, including Cisco, Intel and Samsung, amongst many other major tech providers.

A Google spokesperson wrote in a statement released Monday: “We’re aware of the issue, and we will be patching any affected devices in the coming weeks.”

Cisco also said it had published a security advisory to detail which products are affected, and a blog to help customers better understand the issue. “Fixes are already available for select Cisco products, and we will continue publishing additional software fixes for affected products as they become available,” a spokesperson said.

Intel confirmed it was “working with its customers and equipment manufacturers to implement and validate firmware and software updates that address the vulnerability.” It also released an advisory.

Cooper Technologies had already started patching client devices before the news story on the KRACK hack hit. We will follow through with any individual or business in the San Francisco Bay Area that elects to have us do their Wi-Fi device patching.

Why You Need to Have a Proactive IT Group Handling Your Wi-Fi Patching

Deciding to cut a corner here and do your own, or have an unqualified outfit or individual handle the patching and updating of the Wi-Fi devices on your network might create more of a mess, as opposed to fixing it.

Cooper Technologies has technology engineers on staff who are well-trained in how to handle Wi-Fi security vulnerabilities – among other IT adversities.